How This Book Is Organized
This book is organized such that it can either be dipped into for information on a specific VPN type or it can be read from cover to cover.
If you are in the process of comparing and evaluating different VPN types with a view to their deployment in your network, or are preparing for a networking exam that includes coverage of VPN technologies, you may want to read Chapter 1 (which gives a high-level comparison), followed by one or more of the following chapters that deal with specific VPN technologies.
If, on the other hand, you are looking to improve and deepen your knowledge of VPN technologies in general, you might want to read the book cover to cover.
The book is arranged as follows:
Chapter 1, "What Is a VPN?" Chapter 1 poses (and answers) the deceptively simple question "What is a VPN?" In this chapter, you will find a high-level discussion and comparison of the various VPN types and technologies, which will clarify what the various VPN terms mean and how the technologies work. By the end of this chapter, the previously confused will be a lot more clear about what a VPN really is.
Chapter 2, "Designing and Deploying L2TPv3-Based Layer 2 VPNs (L2VPN)" L2TP has evolved from a tunneling protocol for PPP to become, in its latest incarnation (L2TPv3), a universal transport mechanism for a host of protocols such as Ethernet, Frame Relay, ATM (cell-relay and AAL5), HDLC, and PPP. This chapter discusses in-depth L2TPv3's advantages and disadvantages, how it operates, and how L2TPv3-based Layer 2 VPNs can be designed and deployed.
Chapter 3, "Designing and Implementing AToM-Based Layer 2 VPNs (L2VPN)" Any Transport over MPLS (AToM) provides a similar transport mechanism to L2TPv3, but over MPLS rather than IP. It, too, can transport protocols including Ethernet, Frame Relay, and ATM, and as such can be used to consolidate service provider networks and build Layer 2 VPNs. AToM's underlying technology, configuration, verification, and advanced design considerations are examined in this chapter.
Chapter 4, "Designing MPLS Layer 3 Site-to-Site VPNs" MPLS Layer 3 VPNs provide a highly scalable VPN architecture that provides any-to-any connectivity and can support real-time applications such as voice and video. This chapter provides a detailed discussion of the principles of its operation, its configuration, the provision of complex topologies, and Internet access.
Chapter 5, "Advanced MPLS Layer 3 VPN Deployment Considerations" Building on the foundation of Chapter 4, this chapter describes how MPLS Layer 3 VPNs can be extended to support carrier customers, interprovider and inter-autonomous system VPNs, QoS, and customer IPv6 VPNs.
Chapter 6, "Deploying Site-to-Site IPsec VPNs" IPsec remains a popular choice for implementing site-to-site VPNs. In this chapter, you can find a description of the algorithms and mechanisms that underlie IPsec, together with an in-depth discussion of the fundamentals of IPsec site-to-site VPN configuration using preshared key, encrypted nonce, and digital certificate authentication. Also included is detailed information about issues with IPsec and NAT (and how to get around them).
Chapter 7, "Scaling and Optimizing IPsec VPNs" This chapter builds on the discussion of the fundamentals of site-to-site IPsec VPNs in Chapter 6 by describing their scaling and optimization. Specific topics covered include Tunnel Endpoint Discovery (TED), Dynamic Multipoint VPN (DMVPN), scaling IPsec VPNs using digital signature authentication, quality of service (QoS), and avoiding the performance degradation caused by IPsec packet fragmentation.
Chapter 8, "Designing and Implementing L2TPv2 and L2TPv3 Remote Access VPNs" L2TP can be used to implement industry-standard remote access VPNs. This chapter provides comprehensive information about designing and deploying L2TP voluntary tunnel mode/client-initiated and compulsory tunnel mode/NAS-initiated remote access VPNs. Methods of securing L2TP remote access VPNs using IPsec as well as the integration of L2TP remote access VPNs with MPLS Layer 3 VPNs are also discussed.
Chapter 9, "Designing and Deploying IPsec Remote Access and Teleworker VPNs" IPsec can not only be used to provision site-to-site VPNs, but can also be used to implement remote access VPNs. A thorough description of their design and deployment is included in this chapter. The chapter describes configuration as well as special considerations, including the integration of IPsec remote access VPNs with MPLS Layer 3 VPNs, provisioning high availability, and allowing or disallowing split tunneling.
Chapter 10, "Designing and Building SSL Remote Access VPNs (WebVPN)" Although SSL is a relative newcomer as a VPN technology, it can provide significant advantages, especially if remote access users need to access the corporate network from insecure locations such as Internet cafés and airport kiosks.
In this chapter, you will find detailed information on designing and deploying both clientless remote access SSL VPNs, and SSL remote access VPNs using the Cisco SSL VPN Client. Also included is an examination of the Cisco Secure Desktop, which enables users to greatly improve the security of SSL VPN connections from insecure locations.
Read Comments To Download
1 comments:
http://rapidshare.com/files/114519135/Comparing__Designing__And_Deploying_VPNs__2006_.chm
or
http://tinyurl.com/5dzwt7
Post a Comment